cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
daki28
Great Citizen / Super Citoyen

Re: SIM Swap Fraud

We need to be clear that not every 2FA that is using SMS will be in danger of giving access to account. Since that is the (usually) Second authentication, it will happen only after 1st authentication which means somebody has your password .  So if you remove 2FA as an option, then it doesn't matter as they already know password.. The only risk is actually if in 'forgot my password' they are using only phone number (SMS) for recovering credentials and that's the real danger. So, if you have a service that does it, remove your phone number (if you can). So it doesn't mean that you will lose access to all your accounts, but just a thought of 'losing' number by somebody switching SIM card for me is scary. Btw, I love 2FA and I think it is the most reliable way to secure your accounts, as long as it is set and used properly. 

Pawprints1986
Model Citizen / Citoyen Modèle

Re: SIM Swap Fraud

2fa always bothered me especially email address based ones. Always figured if someone knew enough to get into my account, they probably already know my email too 

 

I'd much prefer to be able to choose a preference of 2fa *or* thumbprint. Even if someone stole and was holding my phone, good luck getting my severed thumb to last very long lol. 

 

2fa just very time consuming when it is you. Especially for sites that don't allow special characters in your password! Its like, let us properly strengthen the first one and we won't need the second one!

stevenanto
Model Citizen / Citoyen Modèle

Re: SIM Swap Fraud

@Teslas I agree with you that a fraudster can basically get any info they want off of the phone if they can hijack your SIM, people do keep their automatic credit info on there for faster checkout, some people have personal emails, codes, passwords and so on. 

 

the 2fa might be viable option but we each take our steps to protecting ourselves. 

daki28
Great Citizen / Super Citoyen

Re: SIM Swap Fraud


@Pawprints1986 wrote:

2fa always bothered me especially email address based ones. Always figured if someone knew enough to get into my account, they probably already know my email too 

 

I'd much prefer to be able to choose a preference of 2fa *or* thumbprint. Even if someone stole and was holding my phone, good luck getting my severed thumb to last very long lol. 

 

2fa just very time consuming when it is you. Especially for sites that don't allow special characters in your password! Its like, let us properly strengthen the first one and we won't need the second one!


That would be the case only if you use same password for everything  (I hope you don't) and they know your email address. You can protect your emails with 2FA too. Also, let's not mix having 'SiM Hijacked' and device lost, those are 2 different things and device you can protect yourself by different steps. I don't see 2fa time consuming as generally, you can 'trust this browser' when you do it first time and you are not asked again, which is perfectly fine if you own device. I'm ok with spending few seconds to authenticate myself first time using 2FA. Also, on the phone you can use 'thumb' or 'face identification' to avoid typing anything for quicker access. 

We are all different and some people are not even comfortable with using online banking or something. But 2FA is the only way to fully protect yourself. 

dabr
Mayor / Maire

Re: SIM Swap Fraud

If PM does ever get around to making changes and, hopefully, requiring, at the minimum, a PIN before being allowed to change the SIM in the account, I'd also like to see them permitting users to have the option of using an unique username (obviously totally different from Community username) instead of the email for logging into the self serve account.  I've never thought emails should be used to login into accounts with sensitive personal information, although they are definitely more convenient to remember. 

daki28
Great Citizen / Super Citoyen

Re: SIM Swap Fraud

@dabr Yeah, I agree. Another thing is that I think most of users (even I did originally), take these 'community' accounts as 'less important' and create easy passwords. Then guess what, if somebody can get into, they can reach out to Moderators as yourself and get into your account. 

Re: SIM Swap Fraud


@daki28 wrote:

@dabr Yeah, I agree. Another thing is that I think most of users (even I did originally), take these 'community' accounts as 'less important' and create easy passwords. Then guess what, if somebody can get into, they can reach out to Moderators as yourself and get into your account. 


That isn't how it works. There is no link between your Community account and your self serve account, other than for the purposes of distrubuting Community rewards. The fact that there's no other link between the the two is the very reason that the SIMon forces customers to authenticate the self serve account and link it to the Community account each time a ticket is opened.  This is only so that the modeartors know how to contact you. Someone else having your Community account password means nothing unless you have a open ticket with the moderators and moderators are sending private messages to this account.

daki28
Great Citizen / Super Citoyen

Re: SIM Swap Fraud

@computergeek541  I thought that you if you have any issues and 'cannot login' into your account, you have to use 'community account' that has the same email address. Am I wrong here?

Re: SIM Swap Fraud


@daki28 wrote:

@computergeek541  I thought that you if you have any issues and 'cannot login' into your account, you have to use 'community account' that has the same email address. Am I wrong here?


This is incorrect.  It does not matter which Community account is used to open a ticket or the e-mail address that is associated with it.

daki28
Great Citizen / Super Citoyen

Re: SIM Swap Fraud

@computergeek541  OK. Then I misunderstood how that works. Thanks.  

Need Help? Let's chat.